
The command shell options are not disabled.


Overview

Finding ID: V-13701
Version: WA000-WI110
Rule ID: SV-14311r1_rule
IA Controls: (none listed)
Severity: High
Description
The command shell can be used to call arbitrary commands at the Web server from within an HTML page.
STIG Date
IIS 7.0 Server STIG 2019-03-22

Details

Check Text ( C-10952r1_chk )
Ensure the shell command is disabled. Check the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters

For the following value:

SSIEnableCmdDirective REG_DWORD 0

If the value is not REG_DWORD = 0, this is a finding.

If the registry key does not exist for IIS 5 or IIS 6, this would not be a finding as it defaults to disabled. Previous versions of IIS should be marked as a finding if the key does not exist.

--------------------
Fix Text (F-13146r1_fix)
Ensure the shell command is disabled. Set the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters

To the following value:

SSIEnableCmdDirective REG_DWORD 0
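
The check and fix above as a PowerShell script, added here as an example (it is not part of the STIG text). The function name `Test-SsiCmdDirective`, its `-Fix` switch and the status strings are assumptions; a missing value is reported as its own status so the IIS version rule in the check text can be applied by the reviewer.

```powershell
# Added example: audits, and with -Fix remediates, the value named in the check text.
# Function name, -Fix switch and status strings are illustrative, not from the STIG.
function Test-SsiCmdDirective {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters',
        [switch]$Fix
    )
    $name   = 'SSIEnableCmdDirective'
    $status = 'Missing'   # key or value absent: apply the version rule from the check text
    $kind   = $null
    $data   = $null

    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key -and ($key.GetValueNames() -contains $name)) {
        $kind = $key.GetValueKind($name)
        $data = $key.GetValue($name)
        # Both the type and the data must match: a REG_SZ "0" is still a finding.
        if ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord -and $data -eq 0) {
            $status = 'Compliant'
        } else {
            $status = 'Finding'
        }
    }

    # Remediate only when the W3SVC\Parameters key itself exists.
    if ($Fix -and $key -and $status -ne 'Compliant' -and
        $PSCmdlet.ShouldProcess("$Path\$name", 'Set REG_DWORD 0')) {
        # -Force overwrites an existing value, including one of the wrong type.
        New-ItemProperty -LiteralPath $Path -Name $name -PropertyType DWord -Value 0 -Force |
            Out-Null
        return Test-SsiCmdDirective -Path $Path   # re-audit after the change
    }

    [pscustomobject]@{
        Path   = $Path
        Name   = $name
        Kind   = $kind
        Data   = $data
        Status = $status
    }
}

Test-SsiCmdDirective
```

Run it from an elevated session; `Test-SsiCmdDirective -Fix -WhatIf` shows the change without writing it.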